[Question]: Mitigate CVE-2025-48384 - Windows agents ships vulnerable git versions

### Describe your question

The windows agents ship a git version that is vulnerable to [CVE-2025-48384](https://nvd.nist.gov/vuln/detail/cve-2025-48384)

The vulnerable version is [hard coded here](https://github.com/microsoft/azure-pipelines-agent/blob/9e21cafedb47a87a7a1af91e8da872810ea82903/src/Misc/externals.sh#L30)

How can we mitigate this issue? Are there plans to release a new agent version that works for on-prem setups with a newer git version? 

### Versions

- 3.238.0
- 3.244.1
- 4.260.0 (latest as of now)

### Environment type (Please select at least one enviroment where you face this issue)

- [x] Self-Hosted
- [ ] Microsoft Hosted
- [ ] VMSS Pool
- [ ] Container

### Azure DevOps Server type

Azure DevOps Server (Please specify exact version in the textbox below)

### Operation system

Windows

### Version controll system

git

### Azure DevOps Server Version (if applicable)

2022.2 (AzureDevopsServer_20240806.7)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Question]: Mitigate CVE-2025-48384 - Windows agents ships vulnerable git versions #5304

Describe your question

Versions

Environment type (Please select at least one enviroment where you face this issue)

Azure DevOps Server type

Operation system

Version controll system

Azure DevOps Server Version (if applicable)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Question]: Mitigate CVE-2025-48384 - Windows agents ships vulnerable git versions #5304

Description

Describe your question

Versions

Environment type (Please select at least one enviroment where you face this issue)

Azure DevOps Server type

Operation system

Version controll system

Azure DevOps Server Version (if applicable)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions